Dtrack (trojan)

2019: Kaspersky Lab warned about viruses in ATMs which steal money

At the end of September, 2019 Kaspersky Lab announced a new virus which malefactors install in ATMs for theft of money from bank cards.

The malware under the name ATMDtrack at least since summer of 2018 is used for attacks on the Indian ATMs. The malware allows hackers to read out and load to itself data from bank cards which are inserted into the infected ATMs.

Kaspersky Lab announced a new virus which malefactors install in ATMs for theft of money from bank cards

According to the ARS Technica edition, investigation which was made by experts of Kaspersky Lab showed that ATMDtrack was a part of larger Trojan project under the name Dtrack which was used for espionage activity. This virus is applied by cyberattack on financial institutions and the research centers.

In total analysts managed to detect more than 180 new harmful samples with the sequences of the codes similar to ATMDtrack but which are not aimed at ATMs, and working as programs spies.

Using Dtrack malefactors completely control the infected device, load and unload files, write clicking of keys of the keyboard, read history of the browser and make other harmful actions. The companies which become, as a rule, badly protected by the victims of Dtrack: they use weak politicians of network security and passwords, do not monitor traffic.

Creation and distribution of ATMDtrack and Dtrack to Kaspersky Labs connect with the Lazarus cybergrouping, a main type of its activity is cyber espionage. However hackers are also noticed in carrying out the attacks aimed directly at theft of money that is usually not peculiar to similar groupings.

A huge number of the samples Dtrack found us says that Lazarus — one of the most active developers of the malware among APT groupings, says the Russian anti-virus company.[1]

Notes